...

    1. Get the gateway-identity public key from Apache Knox {GATEWAY_HOME}/data/security/keystores/gateway.jks via keytool or portecle (see Extracting Knox Public Key for SAML IdP Configuration section for details)

    2. Get the SSO provider URL for the KnoxSSO websso endpoint (i.e. https://c6401.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso)

    3. su to root {pw: vagrant}

    4. Start the SSO wizard:

...

[root@c6401 knox-0.9.0]# ambari-server restart

Extracting Knox Public Key for

...

IdP Configuration

There are multiple ways that you can do this.

The following will use keytool and openssl to first extract a DER encoded cert from the gateway keystore and then to convert DER to PEM encoding:

[vagrant@c6401 knox-0.9.0]$ keytool -exportcert -keystore data/security/keystores/gateway.jks -alias gateway-identity -file gateway.cer
Enter keystore password:{master secret}
Certificate stored in file <gateway.cer>

Now convert the cer file into pem encoding via openssl:

[vagrant@c6401 knox-0.9.0]$ openssl x509 -inform der -in gateway.cer -out gateway.pem

For the Ambari SSO wizard the content between

...

            <value>30000</value>

        </param>

        <param>

           <name>knoxsso.redirect.whitelist.regex</name>

           <value>^https?:\/\/(c64\d\d\.ambari\.apache\.org|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>

        </param>

    </service>

</topology>
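
The `knoxsso.redirect.whitelist.regex` parameter above limits which URLs KnoxSSO may redirect a browser back to after login. The following Python sketch is an added example, not part of the original page or of the Knox project: it reads that parameter out of a topology and reports which redirect targets the pattern admits. The wrapper topology, the helper names and the sample URLs are constructed, and Python's `re` is assumed to match this particular pattern the same way Knox's Java regex engine does.

```python
import re
import xml.etree.ElementTree as ET

# Constructed minimal topology: only the whitelist <param> is taken from the page.
TOPOLOGY = r"""
<topology>
    <service>
        <role>KNOXSSO</role>
        <param>
           <name>knoxsso.redirect.whitelist.regex</name>
           <value>^https?:\/\/(c64\d\d\.ambari\.apache\.org|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
        </param>
    </service>
</topology>
"""
PARAM = "knoxsso.redirect.whitelist.regex"


def load_whitelist(topology_xml, name=PARAM):
    """Return the compiled whitelist regex from a topology, or raise if absent."""
    root = ET.fromstring(topology_xml)
    for param in root.iter("param"):
        if param.findtext("name", "").strip() == name:
            return re.compile(param.findtext("value", "").strip())
    raise KeyError(name + " not found in topology")


def audit(pattern, urls):
    """Map each candidate redirect URL to True (admitted) or False (refused)."""
    return {url: pattern.fullmatch(url) is not None for url in urls}


# Constructed sample redirect targets (hypothetical ports and paths).
SAMPLES = [
    "https://c6401.ambari.apache.org:8080/#/main/dashboard",  # explicit port
    "http://c6402.ambari.apache.org:8080/",                   # plain http also passes
    "https://c6401.ambari.apache.org/",                       # no port: refused
    "https://c6501.ambari.apache.org:8080/",                  # outside c64NN
    "https://c6401.ambari.apache.org.example.net:8443/",      # look-alike suffix
    "http://localhost:8080/",
]

if __name__ == "__main__":
    for url, ok in audit(load_whitelist(TOPOLOGY), SAMPLES).items():
        print(("ALLOW " if ok else "DENY  ") + url)
```

The pattern refuses any URL without an explicit port and admits plain `http` as well as `https`, which is worth checking when adapting it to another domain.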